Affecting org.codehaus.plexus:plexus-utils artifact, versions [,3.0.24)
org.codehaus.plexus:plexus-utils is a collection of various utility classes to ease working with strings, files, command lines, XML and more.
Affected versions of this package are vulnerable to XML Injection.
org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This means that text contained in the comment string could be interpreted as XML and allow for XML injection.
Upgrade org.codehaus.plexus:plexus-utils to version 3.0.24 or higher.
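The flaw class described above, as an added example that is not code from plexus-utils or from this advisory: a stand-in comment writer that passes text through unchanged, beside one possible hardening. The class and method names are hypothetical and the sample text is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Hypothetical demo class; it does not call or reproduce plexus-utils code.
public class CommentInjectionDemo {

    // Same flaw as described above: the text goes between the delimiters unchanged.
    static String naiveComment(String text) {
        return "<!-- " + text + " -->";
    }

    // One possible hardening (an assumption, not the 3.0.24 patch): XML 1.0 forbids
    // "--" inside a comment, so split every run of hyphens with spaces. The padding
    // spaces around the text keep a leading or trailing "-" away from the delimiters.
    static String safeComment(String text) {
        return "<!-- " + text.replaceAll("-(?=-)", "- ") + " -->";
    }

    // Parse the document and count element nodes, with DOCTYPEs disabled.
    static int countElements(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getElementsByTagName("*").getLength();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: comment text that closes the comment early.
        String text = "built by ci --><injected/><!-- rest";

        String naive = "<config>" + naiveComment(text) + "</config>";
        String safe = "<config>" + safeComment(text) + "</config>";

        // The naive document gains an element the writer never intended;
        // the hardened one contains only <config> and a single comment.
        System.out.println(naive + " -> elements: " + countElements(naive));
        System.out.println(safe + " -> elements: " + countElements(safe));
    }
}
```

Counting elements after a real parse is a convenient regression check for any code path that writes untrusted text into XML comments.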
- Florian Weimer
- Snyk ID
- 21 Sep, 2015
- 06 Sep, 2019